25 matches found
UBUNTU-CVE-2025-11175
Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...
EUVD-2019-3297
Malware in sbrugna...
EUVD-2013-5548
Malware in sbrugna...
EUVD-2010-1977
Malware in sbrugna...
EUVD-2006-5415
Malware in sbrugna...
EUVD-2022-31416
Malicious code in bioql PyPI...
EUVD-2024-0471
Malicious code in bioql PyPI...
CVE-2021-24141
Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users admin+ to perform SQL attacks...
WordPress ShopApper plugin <= 0.4.59 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin Mobile App for WooCommerce versions = 0.4.59...
WordPress GB Gallery Slideshow Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin GB Gallery Slideshow versions = 1.3...
WordPress Task Scheduler Plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Task Scheduler versions = 1.6.3...
K000150206: PostgreSQL vulnerabilities CVE-2019-10211, CVE-2017-7546, and CVE-2015-0244
Security Advisory Description CVE-2019-10211 Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. CVE-2017-7546 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerabl...
Linux Distros Unpatched Vulnerability : CVE-2006-4023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers ...
CVE-2024-36078
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...
PostgreSQL -- PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
The PostgreSQL Project reports: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1179)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-0359
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely...
CVE-2025-0558
CVE-2025-0558 affects TDuckCloud tduck-platform up to 4.0. The vulnerability lies in the function QueryProThemeRequest (src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java), where manipulation of the color parameter enables an SQL injection. Impact as described across sources: re...
Imperva’s Wildest 2025 AppSec Predictions
Humans are spectacularly bad at predicting the future. Which is why, when someone appears to be able to do it on a regular basis, they are hailed as visionaries, luminaries and celebrated with cool names like Nostradamus and The Amazing Kreskin. Nostradamus made his fame on predictions about the...
CVE-2022-4154 Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection
The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges i.e. on multisite WordPress configurations to leak sensitive...